Why am I still prompted for a password using sftp?

password sftp

20,760

Solution 1

It's not clear to me if you're trying to set up SSH keys. Have a look here for directions on how to do that.

Pay special attention to the part where you enter a passphrase. If you do not leave it empty, then you will still need to enter that passphrase when you want to connect. You might be asking yourself "OK, why go to all that trouble if I still need to enter a passphrase?" The answer is that this particular passphrase is to decrypt your local key when you want to use it. The passphrase never traverses the wire to the server, even in hashed form. You would want to use a passphrase if this is on a machine where someone else has root access (such as a hosted server), because if someone else gets your key, they would not be able to use it without decrypting it. However, if this is on your own local machine where only you have access, then you can consider it safe to leave the passphrase blank. That way, you can SSH or SFTP without ever being prompted.

Solution 2

Try to add IdentityFile and PasswordAuthentication in ~/.ssh/config

Host     fubar
Hostname fubar.ip.address.here
User     fubar_userid   
Port     22
IdentityFile fubar.private.key
PasswordAuthentication no

20,760

Author by

zundarz

Updated on September 18, 2022

Comments

zundarz 3 months
1. The remote system has the public key.
2. My .ssh/config file reads as follows:
```
 Host     fubar
 Hostname fubar.ip.address.here
 User     fubar_userid   
 Port     22
```
1. known_hosts entry: (same ip address as used #2)
  
  fubar.ip.address.here ssh-rsa BLAH_BLAH_key.....
Results of command:
```
$>sftp fubar
Connecting to fubar ....
[email protected]'s password:
```
Questions:
Why am I stil prompted for a password? What do I need to change to connect using keys and not get propmted for a password?
- Paul Haldane about 6 years
  
  Using the -v flag with the sftp command (indeed any of the s* commands) will shown details of how the client is connecting and trying to authenticate. That will usually tell you enough. If not, you probably need to look at the logs on the server you're connecting to.
zundarz about 6 years

added two last lines. Now message reads ..Permission denied (publickey,password).
zundarz about 6 years

Sysadmins created keys and now I'm trying to implement connectivity. Just to confirm what I understand. If the sysadmins used a password when creating the key, then I'll still need to enter that password when prompted. A solution would be be to create new public key and not provide a password when creating it?
Charles Burge about 6 years

Yes, you could do that yourself if you trust the sysadmins, but in this situation I think that's highly inadvisable. If you leave your key unencrypted, any unsavory sysadmin (even a future one) could use it to impersonate you and gain access to the remote hosts that you access.
Disova about 6 years

Check that public key on the target host present in ~fubar_userid/.ssh/authorized_keys and private key has permission 0600. Also, check ssh logs for more information.